package com.stupid.eureka.server;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@EnableWebSecurity
public class WebSecurityConfig {
    @Bean
    SecurityFilterChain defaultSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .authorizeRequests(
                        authorizeRequests -> authorizeRequests.antMatchers("/eureka/**").permitAll()
                                .antMatchers("/static/**").permitAll()
                                .antMatchers("/login").permitAll()
                                .anyRequest().authenticated()
                )
                .httpBasic(Customizer.withDefaults())
                //https://docs.spring.io/spring-cloud-netflix/reference/spring-cloud-netflix.html#_securing_the_eureka_server
                //禁用cross site request forgery,放开客户端注册过来
                .csrf().ignoringAntMatchers("/eureka/**");
        return httpSecurity.build();
    }
    @Bean
    public org.springframework.security.crypto.password.PasswordEncoder passwordEncoder() {
        //默认为DelegatingPasswordEncoder加密,这里先改成明文方式
        return NoOpPasswordEncoder.getInstance();
    }

}

